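/* Lzma decompressor for Linux kernel. Shamelessly snarfed
 *from busybox 1.1.1
 *
 *Linux kernel adaptation
 *Copyright (C) 2006 Alain < alain@knaff.lu >
 *
 *Based on small lzma deflate implementation/Small range coder
 *implementation for lzma.
 *Copyright (C) 2006 Aurelien Jacobs < aurel@gnuage.org >
 *
 *Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
 *Copyright (C) 1999-2005 Igor Pavlov
 *
 *Copyrights of the parts, see headers below.
 *
 *
 *This program is free software; you can redistribute it and/or
 *modify it under the terms of the GNU Lesser General Public
 *License as published by the Free Software Foundation; either
 *version 2.1 of the License, or (at your option) any later version.
 *
 *This program is distributed in the hope that it will be useful,
 *but WITHOUT ANY WARRANTY; without even the implied warranty of
 *MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 *Lesser General Public License for more details.
 *
 *You should have received a copy of the GNU Lesser General Public
 *License along with this library; if not, write to the Free Software
 *Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 */

#ifdef STATIC
#define PREBOOT
#else
#include <linux/decompress/unlzma.h>
#include <linux/slab.h>
#endif /* STATIC */

#include <linux/decompress/mm.h>

/* Evaluates each argument twice; only use with side-effect-free operands. */
#define	MIN(a, b) (((a) < (b)) ? (a) : (b))

/*
 * Assemble an integer from `size` bytes at `ptr`, least significant byte
 * first.
 *
 * The value is accumulated in an unsigned type: an 8-byte field with its
 * top bit set would otherwise be shifted into the sign bit of a signed
 * long long, which is undefined behaviour.
 */
static long long INIT read_int(unsigned char *ptr, int size)
{
	int i;
	unsigned long long ret = 0;

	for (i = 0; i < size; i++)
		ret = (ret << 8) | ptr[size-i-1];
	return (long long)ret;
}

/* Re-read x in place from its own bytes, interpreted as little-endian. */
#define ENDIAN_CONVERT(x) \
  x = (typeof(x))read_int((unsigned char *)&x, sizeof(x))


/* Small range coder implementation for lzma.
 *Copyright (C) 2006 Aurelien Jacobs < aurel@gnuage.org >
 *
 *Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
 *Copyright (c) 1999-2005 Igor Pavlov
 */

#include <linux/compiler.h>

/* Number of bytes requested from the fill callback on every refill. */
#define LZMA_IOBUF_SIZE	0x10000

/* Range decoder state, including the input buffer it consumes. */
struct rc {
	int (*fill)(void*, unsigned int);	/* refill callback */
	uint8_t *ptr;			/* next input byte to consume */
	uint8_t *buffer;		/* start of the input buffer */
	uint8_t *buffer_end;		/* one past the last valid byte */
	int buffer_size;		/* valid bytes; <= 0 after a failed refill */
	uint32_t code;
	uint32_t range;
	uint32_t bound;
};


#define RC_TOP_BITS 24
#define RC_MOVE_BITS 5
#define RC_MODEL_TOTAL_BITS 11


/* Stand-in used when the caller supplies no fill callback: always fails. */
static int nofill(void *buffer, unsigned int len)
{
	return -1;
}

/* Called twice: once at startup and once in rc_normalize() */
/*
 * Refill the input buffer through rc->fill.
 *
 * On failure error() is called and buffer_size is left <= 0 so that
 * callers can detect it. error() may return, so buffer_end is pinned to
 * buffer in that case: adding a negative size would form a pointer in
 * front of the buffer, and every later "ptr >= buffer_end" test must keep
 * reporting that no input is available.
 *
 * NOTE(review): a return value larger than LZMA_IOBUF_SIZE is trusted as
 * the number of valid bytes; the callback has to honour the requested
 * length.
 */
static void INIT rc_read(struct rc *rc)
{
	rc->buffer_size = rc->fill((char *)rc->buffer, LZMA_IOBUF_SIZE);
	rc->ptr = rc->buffer;
	if (rc->buffer_size <= 0) {
		error("unexpected EOF");
		rc->buffer_end = rc->buffer;
		return;
	}
	rc->buffer_end = rc->buffer + rc->buffer_size;
}

/* Called once */
/*
 * Bind the decoder to an input buffer that already holds buffer_size
 * bytes. A NULL fill callback is replaced by nofill(), so running out of
 * input is then reported as an error.
 */
static inline void INIT rc_init(struct rc *rc,
				       int (*fill)(void*, unsigned int),
				       char *buffer, int buffer_size)
{
	if (fill)
		rc->fill = fill;
	else
		rc->fill = nofill;
	/* a negative length would place buffer_end in front of the buffer */
	if (buffer_size < 0)
		buffer_size = 0;
	rc->buffer = (uint8_t *)buffer;
	rc->buffer_size = buffer_size;
	rc->buffer_end = rc->buffer + rc->buffer_size;
	rc->ptr = rc->buffer;

	rc->code = 0;
	rc->range = 0xFFFFFFFF;
}

/*
 * Prime rc->code with the first five bytes of the range-coded stream.
 * Stops early when a refill fails; buffer_size is <= 0 afterwards.
 */
static inline void INIT rc_init_code(struct rc *rc)
{
	int i;

	for (i = 0; i < 5; i++) {
		if (rc->ptr >= rc->buffer_end)
			rc_read(rc);
		/* nothing valid to read after a failed refill */
		if (rc->ptr >= rc->buffer_end)
			return;
		rc->code = (rc->code << 8) | *rc->ptr++;
	}
}


/* Called once. TODO: bb_maybe_free() */
static inline void INIT rc_free(struct rc *rc)
{
	free(rc->buffer);
}

/* Called twice, but one callsite is in inline'd rc_is_bit_0_helper() */
/*
 * Shift one more input byte into code and widen range by 8 bits. After a
 * failed refill a zero byte is shifted in instead of dereferencing ptr,
 * which does not point at valid input in that case.
 */
static void INIT rc_do_normalize(struct rc *rc)
{
	uint8_t byte = 0;

	if (rc->ptr >= rc->buffer_end)
		rc_read(rc);
	if (rc->ptr < rc->buffer_end)
		byte = *rc->ptr++;
	rc->range <<= 8;
	rc->code = (rc->code << 8) | byte;
}
static inline void INIT rc_normalize(struct rc *rc)
{
	if (rc->range < (1 << RC_TOP_BITS))
		rc_do_normalize(rc);
}

/* Called 9 times */
/* Why rc_is_bit_0_helper exists?
 *Because we want to always expose (rc->code < rc->bound) to optimizer
 */
static inline uint32_t INIT rc_is_bit_0_helper(struct rc *rc, uint16_t *p)
{
	rc_normalize(rc);
	rc->bound = *p * (rc->range >> RC_MODEL_TOTAL_BITS);
	return rc->bound;
}
/* Nonzero when the next bit decodes as 0 under probability *p. */
static inline int INIT rc_is_bit_0(struct rc *rc, uint16_t *p)
{
	uint32_t t = rc_is_bit_0_helper(rc, p);
	return rc->code < t;
}

/* Called ~10 times, but very small, thus inlined */
/* Commit a decoded 0 bit: shrink range to bound and raise *p. */
static inline void INIT rc_update_bit_0(struct rc *rc, uint16_t *p)
{
	rc->range = rc->bound;
	*p += ((1 << RC_MODEL_TOTAL_BITS) - *p) >> RC_MOVE_BITS;
}
/*
 * Commit a decoded 1 bit: drop the lower part of the range and lower *p.
 * NOTE(review): the only helper here without INIT; confirm that is
 * intended.
 */
static inline void rc_update_bit_1(struct rc *rc, uint16_t *p)
{
	rc->range -= rc->bound;
	rc->code -= rc->bound;
	*p -= *p >> RC_MOVE_BITS;
}

/* Called 4 times in unlzma loop */
/* Decode one bit with probability *p, append it to *symbol, return it. */
static int INIT rc_get_bit(struct rc *rc, uint16_t *p, int *symbol)
{
	if (rc_is_bit_0(rc, p)) {
		rc_update_bit_0(rc, p);
		*symbol *= 2;
		return 0;
	} else {
		rc_update_bit_1(rc, p);
		*symbol = *symbol * 2 + 1;
		return 1;
	}
}

/* Called once */
/* Decode one bit without a probability model (range is simply halved). */
static inline int INIT rc_direct_bit(struct rc *rc)
{
	rc_normalize(rc);
	rc->range >>= 1;
	if (rc->code >= rc->range) {
		rc->code -= rc->range;
		return 1;
	}
	return 0;
}

/* Called twice */
/*
 * Decode num_levels bits, using the running symbol as the index into p,
 * and store the result without its leading marker bit in *symbol.
 */
static inline void INIT
rc_bit_tree_decode(struct rc *rc, uint16_t *p, int num_levels, int *symbol)
{
	int i = num_levels;

	*symbol = 1;
	while (i--)
		rc_get_bit(rc, p + *symbol, symbol);
	*symbol -= 1 << num_levels;
}


/*
 * Small lzma deflate implementation.
 * Copyright (C) 2006 Aurelien Jacobs < aurel@gnuage.org >
 *
 * Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
 * Copyright (C) 1999-2005 Igor Pavlov
 */


/*
 * Stream header. unlzma() copies the first sizeof(struct lzma_header)
 * bytes of the input over this packed struct, so every field is
 * attacker-controlled when the input is untrusted.
 */
struct lzma_header {
	uint8_t pos;
	uint32_t dict_size;
	uint64_t dst_size;
} __attribute__ ((packed)) ;


#define LZMA_BASE_SIZE 1846
#define LZMA_LIT_SIZE 768

#define LZMA_NUM_POS_BITS_MAX 4

#define LZMA_LEN_NUM_LOW_BITS 3
#define LZMA_LEN_NUM_MID_BITS 3
#define LZMA_LEN_NUM_HIGH_BITS 8

#define LZMA_LEN_CHOICE 0
#define LZMA_LEN_CHOICE_2 (LZMA_LEN_CHOICE + 1)
#define LZMA_LEN_LOW (LZMA_LEN_CHOICE_2 + 1)
#define LZMA_LEN_MID (LZMA_LEN_LOW \
		      + (1 << (LZMA_NUM_POS_BITS_MAX + LZMA_LEN_NUM_LOW_BITS)))
#define LZMA_LEN_HIGH (LZMA_LEN_MID \
		       +(1 << (LZMA_NUM_POS_BITS_MAX + LZMA_LEN_NUM_MID_BITS)))
#define LZMA_NUM_LEN_PROBS (LZMA_LEN_HIGH + (1 << LZMA_LEN_NUM_HIGH_BITS))

#define LZMA_NUM_STATES 12
#define LZMA_NUM_LIT_STATES 7

#define LZMA_START_POS_MODEL_INDEX 4
#define LZMA_END_POS_MODEL_INDEX 14
#define LZMA_NUM_FULL_DISTANCES (1 << (LZMA_END_POS_MODEL_INDEX >> 1))

#define LZMA_NUM_POS_SLOT_BITS 6
#define LZMA_NUM_LEN_TO_POS_STATES 4

#define LZMA_NUM_ALIGN_BITS 4

#define LZMA_MATCH_MIN_LEN 2

#define LZMA_IS_MATCH 0
#define LZMA_IS_REP (LZMA_IS_MATCH + (LZMA_NUM_STATES << LZMA_NUM_POS_BITS_MAX))
#define LZMA_IS_REP_G0 (LZMA_IS_REP + LZMA_NUM_STATES)
#define LZMA_IS_REP_G1 (LZMA_IS_REP_G0 + LZMA_NUM_STATES)
#define LZMA_IS_REP_G2 (LZMA_IS_REP_G1 + LZMA_NUM_STATES)
#define LZMA_IS_REP_0_LONG (LZMA_IS_REP_G2 + LZMA_NUM_STATES)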
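#define LZMA_POS_SLOT (LZMA_IS_REP_0_LONG \
		       + (LZMA_NUM_STATES << LZMA_NUM_POS_BITS_MAX))
#define LZMA_SPEC_POS (LZMA_POS_SLOT \
		       +(LZMA_NUM_LEN_TO_POS_STATES << LZMA_NUM_POS_SLOT_BITS))
#define LZMA_ALIGN (LZMA_SPEC_POS \
		    + LZMA_NUM_FULL_DISTANCES - LZMA_END_POS_MODEL_INDEX)
#define LZMA_LEN_CODER (LZMA_ALIGN + (1 << LZMA_NUM_ALIGN_BITS))
#define LZMA_REP_LEN_CODER (LZMA_LEN_CODER + LZMA_NUM_LEN_PROBS)
#define LZMA_LITERAL (LZMA_REP_LEN_CODER + LZMA_NUM_LEN_PROBS)


/* Output side of the decoder. */
struct writer {
	uint8_t *buffer;		/* output buffer or dictionary window */
	uint8_t previous_byte;		/* last byte written */
	size_t buffer_pos;		/* next write index into buffer */
	int bufsize;			/* size of a window allocated by unlzma() */
	size_t global_pos;		/* bytes already handed to flush */
	int(*flush)(void*, unsigned int);
	struct lzma_header *header;
};

/* LZMA state machine: current state and the four most recent distances. */
struct cstate {
	int state;
	uint32_t rep0, rep1, rep2, rep3;
};

/* Total number of bytes produced so far. */
static inline size_t INIT get_pos(struct writer *wr)
{
	return
		wr->global_pos + wr->buffer_pos;
}

/*
 * A distance taken from the compressed stream is only usable when it is
 * non-zero, stays inside the dictionary and does not reach back past the
 * first byte produced. peek_old_byte() performs no such check itself, so
 * an unchecked distance makes it index in front of the output buffer.
 */
static inline int INIT rep0_is_valid(struct writer *wr, uint32_t rep0)
{
	return rep0 != 0 &&
		rep0 <= wr->header->dict_size &&
		rep0 <= get_pos(wr);
}

/*
 * Return the byte `offs` positions behind the write position.
 *
 * Without a flush callback the buffer is linear and the index is
 * buffer_pos - offs; with one, the buffer is treated as a ring of
 * dict_size bytes. Callers must have validated offs (see
 * rep0_is_valid()).
 */
static inline uint8_t INIT peek_old_byte(struct writer *wr,
						uint32_t offs)
{
	if (!wr->flush) {
		int32_t pos;
		while (offs > wr->header->dict_size)
			offs -= wr->header->dict_size;
		pos = wr->buffer_pos - offs;
		return wr->buffer[pos];
	} else {
		uint32_t pos = wr->buffer_pos - offs;
		/* an index that wrapped below zero is folded back into the ring */
		while (pos >= wr->header->dict_size)
			pos += wr->header->dict_size;
		return wr->buffer[pos];
	}

}

/*
 * Append one byte. With a flush callback, a full window of dict_size
 * bytes is handed to it and the write position restarts at 0.
 *
 * NOTE(review): the return value of flush is ignored, so a short or
 * failed write goes unnoticed here.
 */
static inline void INIT write_byte(struct writer *wr, uint8_t byte)
{
	wr->buffer[wr->buffer_pos++] = wr->previous_byte = byte;
	if (wr->flush && wr->buffer_pos == wr->header->dict_size) {
		wr->buffer_pos = 0;
		wr->global_pos += wr->header->dict_size;
		wr->flush((char *)wr->buffer, wr->header->dict_size);
	}
}


/* Re-emit the byte `offs` positions back. */
static inline void INIT copy_byte(struct writer *wr, uint32_t offs)
{
	write_byte(wr, peek_old_byte(wr, offs));
}

/*
 * Copy a match of `len` bytes from distance rep0, stopping once dst_size
 * bytes have been produced in total. The total is measured with
 * get_pos() rather than buffer_pos, because buffer_pos restarts at 0
 * after every flush and would let a match run past dst_size.
 */
static inline void INIT copy_bytes(struct writer *wr,
					 uint32_t rep0, int len)
{
	do {
		copy_byte(wr, rep0);
		len--;
	} while (len != 0 && get_pos(wr) < wr->header->dst_size);
}

/* Decode one literal byte and write it; then advance the state machine. */
static inline void INIT process_bit0(struct writer *wr, struct rc *rc,
				     struct cstate *cst, uint16_t *p,
				     int pos_state, uint16_t *prob,
				     int lc, uint32_t literal_pos_mask) {
	int mi = 1;
	rc_update_bit_0(rc, prob);
	/* literal sub-table chosen by position bits and previous byte */
	prob = (p + LZMA_LITERAL +
		(LZMA_LIT_SIZE
		 * (((get_pos(wr) & literal_pos_mask) << lc)
		    + (wr->previous_byte >> (8 - lc))))
		);

	if (cst->state >= LZMA_NUM_LIT_STATES) {
		/* previous symbol was a match: decode against the match byte */
		int match_byte = peek_old_byte(wr, cst->rep0);
		do {
			int bit;
			uint16_t *prob_lit;

			match_byte <<= 1;
			bit = match_byte & 0x100;
			prob_lit = prob + 0x100 + bit + mi;
			if (rc_get_bit(rc, prob_lit, &mi)) {
				if (!bit)
					break;
			} else {
				if (bit)
					break;
			}
		} while (mi < 0x100);
	}
	while (mi < 0x100) {
		uint16_t *prob_lit = prob + mi;
		rc_get_bit(rc, prob_lit, &mi);
	}
	write_byte(wr, mi);
	if (cst->state < 4)
		cst->state = 0;
	else if (cst->state < 10)
		cst->state -= 3;
	else
		cst->state -= 6;
}

/*
 * Decode one match or repeated match and copy it to the output.
 *
 * Returns 0 on success (including the end marker, which leaves
 * cst->rep0 == 0) and -1 when the decoded distance points outside the
 * data produced so far or outside the dictionary, i.e. the stream is
 * corrupt or hostile.
 */
static inline int INIT process_bit1(struct writer *wr, struct rc *rc,
				    struct cstate *cst, uint16_t *p,
				    int pos_state, uint16_t *prob) {
	int offset;
	uint16_t *prob_len;
	int num_bits;
	int len;

	rc_update_bit_1(rc, prob);
	prob = p + LZMA_IS_REP + cst->state;
	if (rc_is_bit_0(rc, prob)) {
		/* new match: shift the distance history */
		rc_update_bit_0(rc, prob);
		cst->rep3 = cst->rep2;
		cst->rep2 = cst->rep1;
		cst->rep1 = cst->rep0;
		cst->state = cst->state < LZMA_NUM_LIT_STATES ? 0 : 3;
		prob = p + LZMA_LEN_CODER;
	} else {
		rc_update_bit_1(rc, prob);
		prob = p + LZMA_IS_REP_G0 + cst->state;
		if (rc_is_bit_0(rc, prob)) {
			rc_update_bit_0(rc, prob);
			prob = (p + LZMA_IS_REP_0_LONG
				+ (cst->state <<
				   LZMA_NUM_POS_BITS_MAX) +
				pos_state);
			if (rc_is_bit_0(rc, prob)) {
				rc_update_bit_0(rc, prob);

				cst->state = cst->state < LZMA_NUM_LIT_STATES ?
					9 : 11;
				/* single-byte repeat: rep0 may still be the
				 * initial value with no output produced yet */
				if (!rep0_is_valid(wr, cst->rep0))
					return -1;
				copy_byte(wr, cst->rep0);
				return 0;
			} else {
				rc_update_bit_1(rc, prob);
			}
		} else {
			uint32_t distance;

			rc_update_bit_1(rc, prob);
			prob = p + LZMA_IS_REP_G1 + cst->state;
			if (rc_is_bit_0(rc, prob)) {
				rc_update_bit_0(rc, prob);
				distance = cst->rep1;
			} else {
				rc_update_bit_1(rc, prob);
				prob = p + LZMA_IS_REP_G2 + cst->state;
				if (rc_is_bit_0(rc, prob)) {
					rc_update_bit_0(rc, prob);
					distance = cst->rep2;
				} else {
					rc_update_bit_1(rc, prob);
					distance = cst->rep3;
					cst->rep3 = cst->rep2;
				}
				cst->rep2 = cst->rep1;
			}
			cst->rep1 = cst->rep0;
			cst->rep0 = distance;
		}
		cst->state = cst->state < LZMA_NUM_LIT_STATES ? 8 : 11;
		prob = p + LZMA_REP_LEN_CODER;
	}

	/* match length: low, mid or high range */
	prob_len = prob + LZMA_LEN_CHOICE;
	if (rc_is_bit_0(rc, prob_len)) {
		rc_update_bit_0(rc, prob_len);
		prob_len = (prob + LZMA_LEN_LOW
			    + (pos_state <<
			       LZMA_LEN_NUM_LOW_BITS));
		offset = 0;
		num_bits = LZMA_LEN_NUM_LOW_BITS;
	} else {
		rc_update_bit_1(rc, prob_len);
		prob_len = prob + LZMA_LEN_CHOICE_2;
		if (rc_is_bit_0(rc, prob_len)) {
			rc_update_bit_0(rc, prob_len);
			prob_len = (prob + LZMA_LEN_MID
				    + (pos_state <<
				       LZMA_LEN_NUM_MID_BITS));
			offset = 1 << LZMA_LEN_NUM_LOW_BITS;
			num_bits = LZMA_LEN_NUM_MID_BITS;
		} else {
			rc_update_bit_1(rc, prob_len);
			prob_len = prob + LZMA_LEN_HIGH;
			offset = ((1 << LZMA_LEN_NUM_LOW_BITS)
				  + (1 << LZMA_LEN_NUM_MID_BITS));
			num_bits = LZMA_LEN_NUM_HIGH_BITS;
		}
	}

	rc_bit_tree_decode(rc, prob_len, num_bits, &len);
	len += offset;

	if (cst->state < 4) {
		/* new match: decode its distance into rep0 */
		int pos_slot;

		cst->state += LZMA_NUM_LIT_STATES;
		prob =
			p + LZMA_POS_SLOT +
			((len <
			  LZMA_NUM_LEN_TO_POS_STATES ? len :
			  LZMA_NUM_LEN_TO_POS_STATES - 1)
			 << LZMA_NUM_POS_SLOT_BITS);
		rc_bit_tree_decode(rc, prob,
				   LZMA_NUM_POS_SLOT_BITS,
				   &pos_slot);
		if (pos_slot >= LZMA_START_POS_MODEL_INDEX) {
			int i, mi;
			num_bits = (pos_slot >> 1) - 1;
			cst->rep0 = 2 | (pos_slot & 1);
			if (pos_slot < LZMA_END_POS_MODEL_INDEX) {
				cst->rep0 <<= num_bits;
				prob = p + LZMA_SPEC_POS +
					cst->rep0 - pos_slot - 1;
			} else {
				num_bits -= LZMA_NUM_ALIGN_BITS;
				while (num_bits--)
					cst->rep0 = (cst->rep0 << 1) |
						rc_direct_bit(rc);
				prob = p + LZMA_ALIGN;
				cst->rep0 <<= LZMA_NUM_ALIGN_BITS;
				num_bits = LZMA_NUM_ALIGN_BITS;
			}
			i = 1;
			mi = 1;
			while (num_bits--) {
				if (rc_get_bit(rc, prob + mi, &mi))
					cst->rep0 |= i;
				i <<= 1;
			}
		} else
			cst->rep0 = pos_slot;
		/* rep0 wrapping to 0 is the end marker; the caller checks it */
		if (++(cst->rep0) == 0)
			return 0;
	}

	/* the distance comes from the stream: never trust it unchecked */
	if (!rep0_is_valid(wr, cst->rep0))
		return -1;

	len += LZMA_MATCH_MIN_LEN;

	copy_bytes(wr, cst->rep0, len);
	return 0;
}



/*
 * unlzma() - decompress an LZMA stream.
 * @buf:      input buffer, or NULL to have one of LZMA_IOBUF_SIZE bytes
 *            allocated here
 * @in_len:   number of valid bytes already present in @buf
 * @fill:     refill callback, or NULL if all input is already in @buf
 * @flush:    output callback, or NULL; when set it receives each full
 *            window of dict_size bytes and the remainder at the end
 * @output:   output buffer, or NULL to have a window of
 *            MIN(dst_size, dict_size) bytes allocated here
 * @posp:     if non-NULL, receives the read offset within the current
 *            input buffer on success
 * @error_fn: installed with set_error_fn() before anything else
 *
 * Returns 0 on success and -1 on failure.
 *
 * The header (properties byte, dict_size, dst_size) is read straight
 * from the stream. When @output is used without @flush, up to dst_size
 * bytes are written to it and there is no parameter carrying its
 * capacity, so the caller must guarantee that @output can hold whatever
 * size the stream declares.
 *
 * error() may return, so every error path below also leaves through the
 * exit labels instead of relying on error() to stop execution.
 */
STATIC inline int INIT unlzma(unsigned char *buf, int in_len,
			      int(*fill)(void*, unsigned int),
			      int(*flush)(void*, unsigned int),
			      unsigned char *output,
			      int *posp,
			      void(*error_fn)(char *x)
	)
{
	struct lzma_header header;
	int lc, pb, lp;
	uint32_t pos_state_mask;
	uint32_t literal_pos_mask;
	uint16_t *p;
	int num_probs;
	struct rc rc;
	int i, mi;
	struct writer wr;
	struct cstate cst;
	unsigned char *inbuf;
	int ret = -1;

	set_error_fn(error_fn);

	if (buf)
		inbuf = buf;
	else
		inbuf = malloc(LZMA_IOBUF_SIZE);
	if (!inbuf) {
		error("Could not allocate input bufer");
		goto exit_0;
	}

	/* decompress() passes in_len - 4, which can be negative */
	if (in_len < 0)
		in_len = 0;

	cst.state = 0;
	cst.rep0 = cst.rep1 = cst.rep2 = cst.rep3 = 1;

	wr.header = &header;
	wr.flush = flush;
	wr.global_pos = 0;
	wr.previous_byte = 0;
	wr.buffer_pos = 0;
	wr.bufsize = 0;

	rc_init(&rc, fill, inbuf, in_len);

	for (i = 0; i < (int)sizeof(header); i++) {
		if (rc.ptr >= rc.buffer_end) {
			rc_read(&rc);
			/* truncated header: rc_read() already reported it */
			if (rc.buffer_size <= 0)
				goto exit_1;
		}
		((unsigned char *)&header)[i] = *rc.ptr++;
	}

	if (header.pos >= (9 * 5 * 5)) {
		error("bad header");
		/* pb would exceed LZMA_NUM_POS_BITS_MAX; do not decode */
		goto exit_1;
	}

	/* header.pos encodes (pb * 5 + lp) * 9 + lc */
	mi = 0;
	lc = header.pos;
	while (lc >= 9) {
		mi++;
		lc -= 9;
	}
	pb = 0;
	lp = mi;
	while (lp >= 5) {
		pb++;
		lp -= 5;
	}
	pos_state_mask = (1 << pb) - 1;
	literal_pos_mask = (1 << lp) - 1;

	ENDIAN_CONVERT(header.dict_size);
	ENDIAN_CONVERT(header.dst_size);

	if (header.dict_size == 0)
		header.dict_size = 1;

	if (output)
		wr.buffer = output;
	else {
		/*
		 * Without flush the window never wraps, so a window of
		 * dict_size bytes cannot hold a larger dst_size: writing
		 * would run off the end of the allocation.
		 */
		if (!flush && header.dst_size > header.dict_size) {
			error("no output buffer or flush function");
			goto exit_1;
		}
		wr.bufsize = MIN(header.dst_size, header.dict_size);
		wr.buffer = large_malloc(wr.bufsize);
	}
	if (wr.buffer == NULL)
		goto exit_1;

	num_probs = LZMA_BASE_SIZE + (LZMA_LIT_SIZE << (lc + lp));
	p = (uint16_t *) large_malloc(num_probs * sizeof(*p));
	if (p == NULL)
		goto exit_2;
	num_probs = LZMA_LITERAL + (LZMA_LIT_SIZE << (lc + lp));
	/* every probability starts at one half */
	for (i = 0; i < num_probs; i++)
		p[i] = (1 << RC_MODEL_TOTAL_BITS) >> 1;

	rc_init_code(&rc);
	if (rc.buffer_size <= 0)
		goto exit_3;

	while (get_pos(&wr) < header.dst_size) {
		int pos_state =	get_pos(&wr) & pos_state_mask;
		uint16_t *prob = p + LZMA_IS_MATCH +
			(cst.state << LZMA_NUM_POS_BITS_MAX) + pos_state;
		if (rc_is_bit_0(&rc, prob))
			process_bit0(&wr, &rc, &cst, p, pos_state, prob,
				     lc, literal_pos_mask);
		else {
			if (process_bit1(&wr, &rc, &cst, p, pos_state,
					 prob)) {
				error("LZMA data is corrupt");
				goto exit_3;
			}
			/* end marker */
			if (cst.rep0 == 0)
				break;
		}
		/* input ran out: stop instead of decoding stale bytes */
		if (rc.buffer_size <= 0)
			goto exit_3;
	}

	if (posp)
		*posp = rc.ptr-rc.buffer;
	if (wr.flush)
		wr.flush(wr.buffer, wr.buffer_pos);
	ret = 0;
exit_3:
	large_free(p);
exit_2:
	if (!output)
		large_free(wr.buffer);
exit_1:
	if (!buf)
		free(inbuf);
exit_0:
	return ret;
}

#ifdef PREBOOT
/*
 * Pre-boot entry point: forwards to unlzma() with in_len reduced by 4.
 * NOTE(review): presumably this skips a 4-byte trailer appended to the
 * compressed image; confirm against the caller.
 */
STATIC int INIT decompress(unsigned char *buf, int in_len,
			      int(*fill)(void*, unsigned int),
			      int(*flush)(void*, unsigned int),
			      unsigned char *output,
			      int *posp,
			      void(*error_fn)(char *x)
	)
{
	return unlzma(buf, in_len - 4, fill, flush, output, posp, error_fn);
}
#endif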